Loading PS4 Payload from a Blu-ray (Server-less Option) BD-J

Since @XVortex created a java payload version of PS4HEN that doesn't require you to push it using a PC, thanks to his web/java version, I have searched for a way to get this working without a web server needed.

It comes to my mind that PS4 supports BD-J (for Java) for it's Blu-ray Live (BD-Live) and that it has persistent storage and ability to do virtual storage as well.

The process is simple:

• create a menu for Blu-ray to call ps4-hen-vtx that will load payload.js and the rop.js
• burn the Blu-ray disc (create an iso)
• play back in PS4 and click on the menu to load the payload

I will be playing with this more this weekend, but meanwhile, if @XVortex or someone else wants to give a try, go ahead. That will be a perfect so the PS4 is independent of a web server.

More info here ; http://www.oracle.com/technetwork/articles/javame/bluray-142687.html

 

[Chaos Kid]

it is possible to do it people just don't grasp the concept of how to do it. but he way it needs to be done is a process. not many here have the knowledge of ddaa in general or how to do them properly anyway.

payload is basic file that has bin converted so say your exec.exe was hacked then the file becomes converted and labelled payload. it's not that easy but I found that info on github so you have an idea

 

[Vampi Nika]

Wow. This is an excelent idea. Hope you can manage to create the iso. Thanks for the effort.

 

[aneesh]

Will wait for the iso. Thanks for the scene members

 

[misthalu]

I was too curious about this whole "browsing local files from a local BD-J server", so I went to visit a mate to test on his PS4.

Results: It seems that the PS4 is actually capable of multitasking to such a degree that you can indeed start the local BD-J webserver - then hit the PS button to go to the system menu and start browser - then input the address to the local IP - and the browser will then fetch the content served by the local BD-J webserver.

I can't be 100% sure yet though, because I was using Ukko's Journey to test, and unfortunately I have coded the webserver part of Ukko's Journey in a way so that it exits the webserver part as soon as you click a button. That means as soon as I click the PS button, it stops the webserver.

So the way I tested was to go to the browser first, and input http://127.0.0.1:4444
Then hurry open Ukko's Journey and select "Send to phone" in the menu (to start the BD-J webserver). Returning to the browser after this revealed that it had indeed fetched the page from the Ukko's Journey Disc.

​

The same cannot be done with the PS3. Only PS4 allows this kind of multitasking.

But the great news about this is that it means you don't need Runtime.exec(). You can just start the disc. Then hit PS to start the browser.

 

[magicmmm]

can that lovely soul who already done the hard work and created the "FINAL ISO" please share it with us.

or upload to zippyshare/torrent

so we non-technical people can just burn it and run it ?

Thanks heaps

 

[ceedveed]

I'm going to pickup a Blu-ray writer. Are there any I should avoid in order to properly use this exploit?

 

[misthalu]

can that lovely soul who already done the hard work and created the "FINAL ISO" please share it with us.

There is no "final iso" available for what threadstarter is proposing. I don't have the skills to create one either. Someone with more in-depth knowledge about jailbreaking will need to create such an iso. I assume threadstarter might post one later.

I am just a BD-J developer who happens to have created a BD-J game called "Ukko's Journey" (www.UkkosJourney.com).
This game contains a lot of "proof of concept" functionality, demonstrating that you can do a lot of things with BD-J that other people has previously claimed was impossible to do - including a built-in webserver. (I also created www.Blu-Play.com in the hope that other developers would embrace BD-J for their PS3/PS4/XB1 homebrew game projects. "One disc runs on all").

The ISO for Ukko's Journey can be freely downloaded from www.Blu-Play.com - but it won't help you jailbreak your PS4.

Threadstarter may or may not have had a wrong understanding of what Java is vs what Javascript is. But the general idea, as far as I understand, was to have BD-J serve the PS4HEN stuff to the PS4. And while I don't believe BD-J can do that directly, I recognized it could theoretically be done if it was possible for the PS4 browser to load a webpage from a local webserver running on the same PS4, thus not needing to have the PS4 networked with anything.

Since Ukko's Journey contains a webserver, it just allowed me to quickly test whether this scenario was possible. And is seems that is indeed possible.

But that's where my knowledge about the topic ends. Because I have no clue whatsoever about jailbreaking or hacking. (I don't even own a PS4, nor a PS3).

I'm going to pickup a Blu-ray writer. Are there any I should avoid in order to properly use this exploit?

I have searched this topic myself in the past and found many mixed opinions. I've had good experience with both Asus and LG drives myself.
My only current problem is, that kernels later than 4.4.0-97 doesn't detect the Blu-ray drives in Ubuntu anymore. So currently I'm booting linux-image 4.4.0-97 when I need to burn something.

This has nothing to do with the drives of course, but rather a buggy kernel for Ubuntu.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1737671

 

[nhcoohrh]

Thanks for your input. Your findings seem positive, having the bd-j working as webserver and the ps4 able of multitasking basically it means this method could replace the use of a pc on the network running webserver. For the hack itself its quite simple to include on your webserver the pages that contain the exploit and basically will be a button to click.

The tricky part will be the dns. The browser its locked in the begin if we dont login to psn. Would be necessary to unlock first using the payload of web permant using a pc and then the next times we could use the browser with no need of dns server

 

[misthalu]

For the hack itself its quite simple to include on your webserver the pages that contain the exploit and basically will be a button to click.

Nice. That's what I thought too.
The webserver in Ukko's Journey isn't that easy to modify though. At the time I thought it would be a good idea to hardcode each file. So I can't just copy new files into a folder. The source will have to be modified a great deal, and I just don't have the time. (I recognize these scenarios well: You think it'll take a few hours. No. It'll end up taking a few days).

But it should be a semi-easy task for someone else who has the time:
Just find and download the "Minimal BD-J dev kit" somewhere. Look at BD-J examples and mix it with the source for a webserver:
https://fragments.turtlemeat.com/javawebserver.php
(That's basically what I did myself back then).

The tricky part will be the dns. The browser its locked in the begin if we dont login to psn. Would be necessary to unlock first using the payload of web permant using a pc and then the next times we could use the browser with no need of dns server

Wow, that sounds tedious. Kinda renders the whole thing useless, doesn't it? I mean if you need a PC in any case?
A webserver can serve a bin file though. But it'll just become a download, and I imagine the PS4 will reject it for not having a recognizable filetype.

Sounds to me though, that Riccardo82's method is a better approach then:

For hosting exploits I actually use a c# application under development by me.

But I also used a raspberry pi 2 and setup for hosting exploits is simple:

install raspberry pi distro
intall apache web server
create and html page to link vortex embedded payloads in file js.

ps4:
no gateway
dns address is raspberry pi

with ps4 browser go to html page hosted on raspberry and select the exploit to run.

I see nothing about the browser being locked in that case though. Al Azif's posts also seem to indicate that no log in to PSN is required:

Runs on anything that Python 3 can run on.

Requires no WAN access. Just a network, can be an airgapped network.

I believe this was Wololo looking at the source and misunderstanding a function and assuming it wouldn't work. It most definitely works without a WAN connection, even back then.

Or maybe there's just something I don't understand.

Too bad PS4 can't read BDMV folder structure from a USB, or am I wrong?

Forgot to answer this one.
No, you cannot run Blu-ray from USB sadly. (Well, not on PS3/PS4 anyway. But many other devices does offer it: Popcorn Hour devices and Dune HD devices for example).
It was possible on the very first firmwares of PS3 to run BD-J stuff off of USB in an AVCHD folder structure, but Sony removed that possibility in later firmwares.

 

[nhcoohrh]

Indeed working on the Ukko's Journey doesn't seem a good approach, but could work as example and thank you for the link. Maybe would be easy to implement a BD-J with to work only as simple Webserver.

Unlocking the browser it's done only 1 time and remains permanent using a payload called "enableWebBrowser405.bin" so after you unlock you can use the webbrowser of the PS4 without login on PSN at all. And you can save a page in your favorites the page that links to the Webserver on the BD-J.

I believe this would be a more user friendly solution for many users since they have their PS4 on the living room and you could have the a Blue-Ray always on the PS4 and no need to go turn on the PC/Android to host the WebServer when you wish to play their backup games.

Special boards that sounds something more for devs and hard to replicate/manufactor, a Blu-ray it's easier to simple copy/share and rip on a Blu-Ray recorder.

Of course for people that are dumping/developing would use a PC, but this would be for the simple user that just wants to play.